Can I see the contents of SAM file with a plain text-editor?

2

I have exported the SAM and SYSTEM as Registry Hive Files and I was wondering if it is possible to look inside those files to see what they contain. I opened them with Notepad but I didn't see anything meaningful (to my eyes at least). So I used ophcrack to load the local SAM with samdump2 and I was able to get the NT Hash. I want to know if the SAM file can be read in any other way, especially with text editors. Or maybe I should be asking how samdump2 works?

Django

Posted 2016-01-13T19:03:39.033

Reputation: 65

Answers

1

You can of course open every file in a plain text editor ;)
The question is if you can get anything useful from it. This relies on whether it is a plaintext file or a specific format and also on the encoding used. I think in this case it's illegible because of the format, not the encoding.

Generally, there are some ways in which tools like samdump2 work. One is to access the file with SYSTEM privileges (which I think does not work anymore in more modern systems); the other is to load some filesystem drivers that simply ignore the assigned privileges. This is how pwdump7 works, for example. This of course requires administrative rights.

davidb

Posted 2016-01-13T19:03:39.033

Reputation: 166

Does Microsoft provide any information related to the issue at hand? – Django – 2016-01-13T19:52:05.263

About which issue exactly? – davidb – 2016-01-13T19:54:05.457

Accessing the source of the file? – Django – 2016-01-13T19:54:42.713

I have not read such but you can find some in the developer notes of pwdump7 – davidb – 2016-01-13T19:58:51.307

Will look at it. – Django – 2016-01-13T20:05:56.773
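
An exported hive looks like noise in Notepad because it is a binary "regf" file, not text. The sketch below is an added example (not from the posts above, and not samdump2's or pwdump7's code) that reads only the hive header; the field offsets are an assumption taken from the publicly documented regf layout, and the sample hive is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096  # header block; hive bins ("hbin") follow it

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def parse_base_block(data: bytes) -> dict:
    """Decode the fixed header fields of a registry hive file."""
    if len(data) < BASE_BLOCK_SIZE or data[:4] != b"regf":
        raise ValueError("not a registry hive (missing 'regf' signature)")
    (seq1, seq2, filetime, major, minor, _ftype, _fmt,
     root_off, bins_size) = struct.unpack_from("<IIQIIIIII", data, 4)
    (stored,) = struct.unpack_from("<I", data, 508)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    written = (datetime(1601, 1, 1, tzinfo=timezone.utc)
               + timedelta(microseconds=filetime // 10))
    return {
        "version": f"{major}.{minor}",
        "clean": seq1 == seq2,  # mismatch means an unfinished write
        "last_written": written,
        "root_cell_offset": root_off,
        "hive_bins_size": bins_size,
        "embedded_name": data[48:112].decode("utf-16-le", "replace").split("\x00")[0],
        "checksum_ok": stored == regf_checksum(data),
        "first_bin_ok": data[4096:4100] == b"hbin",
    }

def build_sample_hive() -> bytes:
    """Constructed sample: a header plus one blank hive bin, no real data."""
    block = bytearray(BASE_BLOCK_SIZE)
    struct.pack_into("<4sIIQIIIIII", block, 0, b"regf", 7, 7,
                     130971854190000000, 1, 3, 0, 1, 0x20, 0x1000)
    block[48:54] = "SAM".encode("utf-16-le")
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    hbin = bytearray(4096)
    struct.pack_into("<4sII", hbin, 0, b"hbin", 0, 0x1000)
    return bytes(block + hbin)

if __name__ == "__main__":
    for key, value in parse_base_block(build_sample_hive()).items():
        print(f"{key:18} {value}")
```

A failed checksum or mismatched sequence numbers on an exported copy is a sign the export was truncated or modified before analysis.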